Build a Vulnerability Management Program
After your supply chain review, you conduct an interview with the company's current cybersecurity team about vulnerability management. The team members explain that they have never run vulnerability scans and have not had the time to build a vulnerability management program. So, you need to build one.
Use the NIST Guide to Enterprise Patch Management Technologies, Special Publication 800-40, to develop a program that fills this gap.
Explain to the managers how to implement this change, why it is needed, and any costs involved.
The next step is a key one that should not be overlooked: the need to educate users from both companies about the changes being made.